Scribd Logo
Upload

Welcome to Scribd!

  • Instructions Forremovingmalware PDF

    Uploaded by

    Jairo
    14 views12 pages

    Original Title

    instructions_forremovingmalware.pdf

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    14 views12 pages

    Instructions Forremovingmalware PDF

    Uploaded by

    Jairo

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 12

    Federal Department of Finance FDF

    Federal IT Steering Unit FITSU


    Reporting and Analysis Centre for Information Assurance MELANI
    GovCERT.ch

    Instructions for removing malware


    MELANI / GovCERT.ch

    Version: v1.01
    Author: MELANI / GovCERT.ch
    Tested on: Windows 7 Home Premium SP1 Deutsch (64 Bit)

    Disclaimer: All logos used in this document are registered trademarks and/or the property of the corresponding
    1
    holder. These instructions may be further processed in accordance with Creative Commons (CC BY-ND 3.0 ).

    1
    http://creativecommons.org/licenses/by-nd/3.0/

    MELANI / GovCERT.ch Page 1 of 12 27. Juli 2016


    Instructions for removing malware

    Introduction
    These instructions should help you to identify a malware infection on your computer and
    remove it. These instructions were drafted by the Confederation's Reporting and Analysis
    Centre for Information Assurance (MELANI) and tested on a computer using Windows 7. In
    principle, however, the instructions should work with all versions of Windows (Windows XP 2,
    Windows Vista, Windows 8).

    You are probably reading this document because your Internet Service Provider (ISP) drew
    your attention to an infection on your computer or because you suspect your computer is
    infected with malware. These instructions will guide you step by step on how to use Norton
    Power Eraser to scan your computer for malware and remove it.

    *** Important! ***

    Great care was taken when preparing these instructions. However, it is possible that the
    tools described in these instructions are unable to detect all malware. If a computer is
    infected, MELANI generally recommends setting up the computer again, i.e. reinstalling
    the operating system, in order to eliminate possible remnants of malware. MELANI
    assumes no responsibility for the functionality and use of the tools mentioned in these
    instructions. MELANI shall not accept any liability for any damage arising from the use of
    these instructions or the tools described therein.

    If you were the victim of criminal activity and wish to have a criminal investigation
    conducted or have the perpetrators prosecuted, we recommend that you make a
    complaint at your local cantonal police station. In this case, do not attempt to remove the
    malware, as your computer will possibly be needed to secure evidence. We recommend
    not using the computer again until then.

    2
    Microsoft support for Windows XP will end on 8 April 2014. We recommend that users of Windows XP switch
    to a current version of Windows.
    https://support.microsoft.com/de-de/help/13853/windows-lifecycle-fact-sheet

    MELANI / GovCERT.ch Page 2 of 12 27. Juli 2016


    Instructions for removing malware

    Instructions
    These instructions describe how to remove malware using Norton Power Eraser, which is
    provided free of charge by Symantec. Other commercial and free removal tools, or cleaners,
    also exist. Such tools are listed at the end of this document.

    Downloading Norton Power Eraser


    The first step is to download Norton Power Eraser. You need to be connected to the Internet
    to do this. The software can be downloaded at the following URL:

    https://security.symantec.com/nbrt/npe.aspx

    Open the above-mentioned URL in your web browser. The Norton Power Eraser website will
    then open up:

    Figure 1 – Norton Power Eraser website

    You can start downloading by clicking on the "Download" button (indicated in red above).

    MELANI / GovCERT.ch Page 3 of 12 27. Juli 2016


    Instructions for removing malware

    Then the File Download dialogue will open up.

    Figure 2 – Start the download by clicking on "Run"

    Select "Run" by clicking on the relevant button (indicated in red above). The download
    normally takes only a few seconds. As soon as this has finished, Norton Power Eraser will be
    launched. In the case of newer versions of Windows, another User Account Control dialogue
    usually appears.

    Figure 3 – User Account Control: launch Norton Power Eraser by clicking on "Yes"

    MELANI / GovCERT.ch Page 4 of 12 27. Juli 2016


    Instructions for removing malware

    Respond to the User Account Control dialogue by clicking on "Yes" (indicated in red above).
    The software will then be launched.

    The End User License Agreement must be accepted before the software can be used:

    Figure 4 – The End User License Agreement must be accepted in order to be able to
    use the software

    After accepting the End User License Agreement, the initial screen for Norton Power Eraser
    appears:

    MELANI / GovCERT.ch Page 5 of 12 27. Juli 2016


    Instructions for removing malware

    Figure 5 - Initial screen: click on "Scan for Risks" to start the scan

    Click on "Scan for Risks" (indicated in red above) to scan your computer for malware.
    The scan will be performed automatically when the computer is restarted, which is why you
    should now restart your computer:

    Figure 6 – Restart your computer now to commence the scan

    MELANI / GovCERT.ch Page 6 of 12 27. Juli 2016


    Instructions for removing malware

    Once your computer has restarted, the software will automatically search for malware on
    your computer. A corresponding dialogue appears on the screen during the scan:

    Figure 7 – Please wait while the software is scanning your computer for malware

    Depending on the computer, the scan can take several minutes. Please do not switch off
    your computer during the scan and do not use any other programs.

    As soon as the scan has finished, a dialogue will appear on your screen indicating the results
    of the scan and possible removal options.

    MELANI / GovCERT.ch Page 7 of 12 27. Juli 2016


    Instructions for removing malware

    If no malware was found, a corresponding message should appear on your screen:

    Figure 8 – Scan complete; no malware found

    In this case, the process is finished. If you still suspect that your computer is infected,
    particularly if your Internet Service Provider (ISP) drew your attention to an infection on your
    computer, we recommend that you check the computer with other cleaners (see list at the
    end of these instructions) and/or consult an IT specialist.

    MELANI / GovCERT.ch Page 8 of 12 27. Juli 2016


    Instructions for removing malware

    If Norton Power Eraser finds malware, it is listed accordingly:

    Figure 9 – Dialogue if malware was found

    For each piece of malware detected, you can now specify whether Norton Power Eraser
    should remove it (indicated in red above). If you do not know whether a piece of malware
    should be removed or not, the standard setting is recommended (usually "Remove"). When
    you click on "Fix Now" (indicated in red above), Norton Power Eraser creates a system
    restore point and proceeds to remove the malware.

    MELANI / GovCERT.ch Page 9 of 12 27. Juli 2016


    Instructions for removing malware

    In order for the malware to be completely removed, the computer must now be restarted:

    Figure 10 – A computer restart is needed to remove the malware

    The computer will be restarted once you have clicked on "Restart Now".

    MELANI / GovCERT.ch Page 10 of 12 27. Juli 2016


    Instructions for removing malware

    After the computer restart, a corresponding dialogue automatically appears on the screen,
    showing the results of the scan and the actions carried out (removal):

    Figure 11 – The detected malware has been successfully removed

    The detected malware has been removed and Norton Power Eraser can now be closed.

    If you continue to experience difficulties with your computer or suspect your computer is still
    infected, we recommend that you check the computer with other cleaners (see list at the end
    of these instructions) and/or consult an IT specialist.

    *** Important ***

    Malware usually infects computers via vulnerabilities in outdated software and/or careless
    user behaviour. To prevent your computer from being attacked by malware once again, we
    recommend the following guide:

    Rules of conduct for the Internet:


    http://www.melani.admin.ch/rules-of-conduct

    MELANI / GovCERT.ch Page 11 of 12 27. Juli 2016


    Instructions for removing malware

    Further explanations
    This document describes how to use Norton Power Eraser. Other software with similar
    functionality is available from other providers. A list of antivirus software can be found here:

    https://www.melani.admin.ch/melani/en/home/dokumentation/links/security-solutions.html

    The German website botfrei.de has a step-by-step guide on how to use another cleaner.
    Instructions on how to use the EU-Cleaner can be found at the following link:

    https://www.botfrei.de/eucleaner.html

    MELANI / GovCERT.ch Page 12 of 12 27. Juli 2016

    You might also like